Re: setuid and RLIMIT_NPROC and 3.1+

From: Linus Torvalds
Date: Wed May 09 2012 - 15:04:13 EST

Next message: Diwakar Tundlam: "RE: [PATCH] sched: Make nr_uninterruptible count a signed value"
Previous message: Sam Ravnborg: "Re: [PATCH 1/2] kconfig: change config_enabled() to accept Xinstead of CONFIG_X"
Next in thread: Linus Torvalds: "Re: setuid and RLIMIT_NPROC and 3.1+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 7, 2012 at 1:13 PM, Maciej Åenczykowski
<zenczykowski@xxxxxxxxx> wrote:
>
> The application was relying on setuid failing in order to do resource limiting
> (the man page for setresuid documents EAGAIN as the error you'll get if you
> can't switch to the new uid because of RLIMIT_NPROC being exceeded).
> It would detect the error condition and slow down.
> Now it doesn't get an error back and can grow out of control.

Ok. Maybe we could change the logic in set_user() to simply just check
both the soft and the hard limit.

At the hard limit, we just fail it. At the soft limit, we mark the
next execve() for failure.

That would seem to be a very natural model, and it would mean that you
could get the old behavior by simply making the hard limit the same as
the soft limit.

Would that work ok for your use case?

Trivial (but TOTALLY UNTESTED - so maybe it doesn't work) patch attached.

Linus

Attachment: patch.diff
Description: Binary data

Next message: Diwakar Tundlam: "RE: [PATCH] sched: Make nr_uninterruptible count a signed value"
Previous message: Sam Ravnborg: "Re: [PATCH 1/2] kconfig: change config_enabled() to accept Xinstead of CONFIG_X"
Next in thread: Linus Torvalds: "Re: setuid and RLIMIT_NPROC and 3.1+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]